From 29d5e85179e8bddf71f602fdc4c30daf80b6d58f Mon Sep 17 00:00:00 2001
From: OniriCorpe <oniricorpe@disroot.org>
Date: Sun, 10 Sep 2023 22:07:43 +0200
Subject: [PATCH] initial fail2ban adding

---
 scripts/backup  | 7 +++++++
 scripts/install | 7 +++++++
 scripts/remove  | 8 ++++++++
 scripts/restore | 8 ++++++++
 scripts/upgrade | 7 +++++++
 5 files changed, 37 insertions(+)

diff --git a/scripts/backup b/scripts/backup
index 05535cb..14f4599 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -72,6 +72,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 ynh_backup --src_path="/etc/logrotate.d/$app"
 
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
diff --git a/scripts/install b/scripts/install
index a79e60f..38140cc 100755
--- a/scripts/install
+++ b/scripts/install
@@ -284,6 +284,13 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 3bd5e14..0298c20 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -92,6 +92,14 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight=
 # Remove the app-specific logrotate config
 ynh_remove_logrotate
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Removing fail2ban configuration..." --weight=1
+
+ynh_remove_fail2ban_config
+
 #=================================================
 # CLOSE A PORT
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 460ad56..9247bf9 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -241,6 +241,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we
 
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 
+#=================================================
+# RESTORE THE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
+ynh_systemd_action --action=restart --service_name=fail2ban
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 83bd7e8..8e13eee 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -410,6 +410,13 @@ ynh_script_progression --message="Upgrading logrotate configuration..."
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+
+# Create a dedicated Fail2Ban config
+ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================